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CLAIMS 

Method for the initialisation of mobile data carriers (IM) with assigned 
decentralised read and write stations (WR) and/or of decentralised read and 
write stations (WR) within the framework of an authorisation system (A), 
characterised in that by an authorisation with authorisation means (AM) at an 
authorisation authority (HA) in a secure environment (g) initialisation data 
(DI, A-I, I-D are generated and transmitted through a network (N) in a secure 
communication and with security rules corresponding to the authorisation 
system to a decentralised authorised read and write station (A-WR) and 
wherein the mobile data carriers (IM) are correspondingly initialised (IMj) 
with the initialisation data (DI) at the read and write station (A-WR) 
and/or that the initialisation data (DI) are transmitted through the network (N) 
to a decentralised read and write station (WR), by means of which the read 
and write station is initialised (WRk). 

Method in accordance with claim 1, characterised in that the authorisation 
authority (HA) is formed by a host computer (H) or by a remote authorisation 
read and write station (R-A-WR). 

Method according to claim 1 or 2, characterised in that the authorisation 
means (AM) are formed by special authorisation identification media (AM- 
IM) or by authorisation data (AM-I). 

Method in accordance with one of the preceding claims, characterised in that 
a (non-authorised) decentralised read and write station (WR) is first of all 
transformed into an authorised read and write station (A-WR) by means of 
function authorisation data (A-I-FA) contained in the initialisation data (DI), 
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which subsequently is capable of initialising mobile data carriers (IM) in 
correspondence with the initialisation data. 

Method according to one of the preceding claims, characterised in that within 
the framework of the authorisation system (A) several authorisation 
authorities (HAi) with the same and/or with differing authorisation levels 
(OLi) are provided. 

Method in accordance with one of the preceding claims, characterised in that 
several authorisation means (AMi) with the same and/or with differing 
authorisation levels (OLi) are provided. 

Method according to one of the preceding claims, characterised in that 
initialisation data (DI, A-I, I-I) are transmitted to the authorised read and 
write stations (A-WR), resp., to the decentralised read and write stations 
(WR) through more than one network level (Nl, N2) and/or through more 
than one authorisation authority (HA1,HA2). 

Method in accordance with one of the preceding claims, characterised in that 
the initialisation data (DI) are transmitted through a secure private network 
(Np). 

Method according to one of the preceding claims, characterised in the 
initialisation data are transmitted through an open public network (No) with 
an encryption and security gates on both sides (Gl, G2). 

Method in accordance with one of the preceding claims, characterised in that 
with the initialisation data (DI2.2) application extensions (App2.2) are 
initialised. 
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Method according to one of the preceding claims, characterised in that with 
the initialisation data (DI3) new independent applications (App3) are 
initialised. 

Method in accordance with one of the preceding claims, characterised in that 
in a blank mobile data carrier prepared with a system data field (CDF) 
applications (App) are newly initialised with the initialisation data (DI). 

Method according to one of the preceding claims, characterised in that 
through the network (N) a permanent connection between the authorisation 
authority (HA) and the decentralised read and write station (A-WR, WR) is in 
existence. 

Method in accordance with one of the preceding claims, characterised in that 
the connection between the authorisation authority (HA) and the 
decentralised read and write stations (A-WR, WR) through the network (N) is 
only in existence occasionally and that when it is an exchange of data takes 
place. 

Method according to one of the preceding claims, characterised in that for 
the initialisation a user authorisation (aw) is effected by the read and write 
station (A-WR, WR), resp., by its owner (12) and/or that an identification 
authorisation means (TD-AM) is necessary. 

Method in accordance with one of the preceding claims, characterised in that 
for an initialisation a user authorisation (ai) through the data carrier, resp., the 
owner (13) of the data carrier takes place. 
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Method according to one of the preceding claims, characterised in that for the 
authorisation of initialisations through the network (N), as well as for the 
execution of applications at the read and write station (A-WR, WR), resp., at 
the data carrier (IM) personal data (aw) of the owner of the read and write 
station, resp., personal data (ai) of the owner of the data carrier, such as a PIN 
code or biometric data, are made use of as authorisation means. 

Method in accordance with one of the preceding claims, characterised in that 
the mobile data carriers (IM) comprise an applications micro-processor 
(AppuP) for the processing of applications program data (M-Cod). 

Method according to one of the preceding claims, characterised in that the 
data carriers (IM) are designed as contact-less, active or passive identification 
media. 

Method in accordance with one of the preceding claims, characterised in that 
the mobile data carriers (IM), the authorisation identification media (AM-IM) 
and the identification authorisation media (ID-AM) are formed by the same 
mobile data carriers. 

Method according to one of the preceding claims, characterised in that status 
information (S-I) concerning events at the authorised, resp., at the 
decentralised read and write stations (A-WR, WR) and/or at the mobile data 
tfM} is annunciated to a corresponding authorisation authority (HA) 
through the network (N). 

Method in accordance with claim 21, characterised in that the status 
information (S-I) is utilized for usage or licence fee debiting. 
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Method according to one of the preceding claims, characterised in that every 
new initialisation of a data carrier (IM) for the purpose of debiting a usage or 
licence fee is annunciated to the authorisation authority (HA) through the 
network (N). 

Method in accordance with one of the preceding claims, characterised in that 
every usage of an application at a read and write station (WR) for the purpose 
of debiting a usage or licence fee is annunciated to the authorisation authority 
(HA) through the network (N). 

Method according to one of the preceding claims, characterised in that a 
multi-level initialisation of the data carriers (IM) through networks (N) is 
provided, which is effected in hierarchically graduated steps within the 
framework of the authorisation system (A). 

Mobile data carrier (IMj) with an application (App) initialised in accordance 
with claim 1 through authorisation through a network (N). 

Read and write station (WRk) with an application initialised (k) according to 
the method of claim 1 by authorisation through a network (N). 

Installation for the initialisation of mobile data carriers (IM) with assigned 
decentralised read and write stations (WR) and/or of decentralised read and 
write stations (WR) within the framework of an authorisation system (A), 
characterised in that initialisation data (DI, A-I, M) are generated by 
authorisation means (AM) at an authorisation authority (HA) in a secure 
environment (g) and are transmitted through a network (N) in a secure 
communication and with security rules in correspondence with the 
authorisation system to a decentralised authorised read and write station (A- 
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WR) 

and that the mobile data carriers (IM) at the read and write station (A-WR) 
are correspondingly initialised (IMj) with the initialisation data (DI) and/or 
that the initialisation data (DI) are transmitted to a decentralised read and 
write station (WR) through the network (N), by means of which the read and 
write station (WR) is initialised (WRk). 



